A correlation attack against user mobility privacy in a large-scale WLAN network

Authors:
Keren Tan;Guanhua Yan;Jihwang Yeo;David Kotz
Affiliations:
Dartmouth College, Hanover, NH, USA;Los Alamos National Laboratory, Los Alamos, NM, USA;Dartmouth College, Hanover, NH, USA;Dartmouth College, Hanover, NH, USA
Venue:
Proceedings of the 2010 ACM workshop on Wireless of the students, by the students, for the students
Year:
2010

Citing 3
Cited 0

Conditional Random Fields: Probabilistic Models for Segmenting and Labeling Sequence Data

ICML '01 Proceedings of the Eighteenth International Conference on Machine Learning
The devil and packet trace anonymization

ACM SIGCOMM Computer Communication Review
802.11 user fingerprinting

Proceedings of the 13th annual ACM international conference on Mobile computing and networking

Quantified Score

Hi-index	0.00

Visualization

Abstract

User association logs collected from real-world wireless LANs have facilitated wireless network research greatly. To protect user privacy, the common practice in sanitizing these data before releasing them to the public is to anonymize users' sensitive information such as the MAC addresses of their devices and their exact association locations. In this work,we demonstrate that these sanitization measures are insufficient in protecting user privacy from a novel type of correlation attack that is based on CRF (Conditional Random Field). In such a correlation attack, the adversary observes the victim's AP (Access Point) association activities for a short period of time and then infers her corresponding identity in a released user association dataset. Using a user association log that contains more than three thousand users and millions of AP association records, we demonstrate that the CRF-based technique is able to pinpoint the victim's identity exactly with a probability as high as 70%.